I want to add a search filter in my custom plugin backend

I am developing a plugin. In the backend I want a search filter, which goes through the entire table and lists the details.

I have simply created a form, attaching the code here.

```
public function SearchSection(){
    echo '<p class="search-bx">
    <form action="" id="searchForm" method="get">
    <label class="searchbar_st" for="#">Search :</label>
    <input type="search" id="sbr_search" name="s" value="">
        <input type="submit" id="search_submit" class="button" value="Search"></p>
        </form>';

    global $wpdb;
    $table_custom = $wpdb->prefix . 'my_custom_table';

    //-----------------------------
    $output = '';
    if(isset($_POST['searchForm'])) {
        $search = $_POST['searchForm'];
        $search = preg_replace("#[^0-9a-z]i#","", $search);

        $query = mysqli_query("SELECT * FROM 'my_custom_table' WHERE town LIKE '%$search%'") or die ("Could not search");
        $count = mysqli_num_rows($query);

        if($count == 0){
            $output = "There was no search results!";
        }else{
            while ($row = mysqli_fetch_array($query)) {
                $id = $row['customers_id'];
                $Name = $row['customers_name'];
                $items = $row['product_items'];
                $period = $row['billing_period'];
                $amount = $row['billing_total'];
                $next = $row['next_payment_date'];
                $previous = $row['previous_payment_date'];
                $billing_link = $row['billing_link'];

                echo "<tr>";
                echo "<td><a href=".$billing_link."> ". $id ."</a></td>";
                echo "<td>". $Name ."</td>";
                echo "<td >". $items ."</td>";
                echo "<td>".$currency. $amount.' / '.$period."</td>";
                echo "<td>". $next ."</td>";
                echo "<td>". $previous ."</td>";
                echo "</tr>";
            }
        }
        else{
            echo "<tr><td cols=an='5'>No records found</td></tr>";
        }
```

And the code is not correct. Could anybody point me in the right direction?
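A hardened form of the search handler in the question, added here as an example (not the poster's code): it reads the `s` field the form actually submits via GET, builds the `LIKE` query with `$wpdb->prepare()` and `$wpdb->esc_like()` instead of string interpolation, and escapes every column on output. The function name `my_plugin_search_section` is hypothetical, and the code assumes it runs as a WordPress admin page callback against the table and columns named in the question.

```php
<?php
// Added example, not the poster's code. Assumes a WordPress admin page
// callback; my_plugin_search_section() is a hypothetical name, the table and
// column names are the ones used in the question.
function my_plugin_search_section() {
    global $wpdb;
    if ( ! current_user_can( 'manage_options' ) ) {
        return;
    }

    // A GET form with an empty action drops ?page=..., so send it back.
    $page = isset( $_GET['page'] ) ? sanitize_text_field( wp_unslash( $_GET['page'] ) ) : '';
    // The form submits name="s" via GET, so that is the key to read.
    $term = isset( $_GET['s'] ) ? sanitize_text_field( wp_unslash( $_GET['s'] ) ) : '';
    ?>
    <form method="get" id="searchForm">
        <input type="hidden" name="page" value="<?php echo esc_attr( $page ); ?>">
        <label class="searchbar_st" for="sbr_search">Search :</label>
        <input type="search" id="sbr_search" name="s" value="<?php echo esc_attr( $term ); ?>">
        <input type="submit" id="search_submit" class="button" value="Search">
    </form>
    <?php
    if ( '' === $term ) {
        return;
    }

    // esc_like() escapes % and _ typed by the user; prepare() quotes the value,
    // so the search text can never change the structure of the statement.
    $table = $wpdb->prefix . 'my_custom_table';
    $like  = '%' . $wpdb->esc_like( $term ) . '%';
    $rows  = $wpdb->get_results(
        $wpdb->prepare( "SELECT * FROM {$table} WHERE town LIKE %s", $like ),
        ARRAY_A
    );

    echo '<table class="widefat"><tbody>';
    if ( empty( $rows ) ) {
        echo '<tr><td colspan="6">No records found</td></tr>';
    }
    foreach ( $rows as $row ) {
        // Stored data is untrusted too: escape each column for its context.
        printf(
            '<tr><td><a href="%s">%s</a></td><td>%s</td><td>%s</td><td>%s / %s</td><td>%s</td><td>%s</td></tr>',
            esc_url( $row['billing_link'] ),
            esc_html( $row['customers_id'] ),
            esc_html( $row['customers_name'] ),
            esc_html( $row['product_items'] ),
            esc_html( $row['billing_total'] ),
            esc_html( $row['billing_period'] ),
            esc_html( $row['next_payment_date'] ),
            esc_html( $row['previous_payment_date'] )
        );
    }
    echo '</tbody></table>';
}
```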

PostgreSQL backend function after an elog(ERROR) had been issued

Getting this weird issue one time per PostgreSQL session. If I run this query the first time, it returns the message below, but if I rerun the same query, it works fine.

```
DEBUG: An attempt was made to call a PostgreSQL backend function after an elog(ERROR) had been issued
ERROR: org.glassfish.jersey.internal.ServiceConfigurationError: org.glassfish.jersey.internal.inject.InjectionManagerFactory: : java.io.IOException: An attempt was made to call a PostgreSQL backend function after an elog(ERROR) had been issued.
```

Associate custom field with custom taxonomy with shortcode in backend

I am trying to associate a custom field to a custom taxonomy booked_custom_calendar. Custom field here is [notifications_user_id]. All this will be executed using a shortcode. When user clicks on Generate Calendar button, a term will be created and assigned to the current user using custom field and current user’s email as value in it. In this way I can filter and show this term (booked_custom_calendar) anywhere by comparing the email of current user and value in custom field.

Please help me save this field to custom taxonomy.

```
function createMyCustomCalendar(){
    $current_user = wp_get_current_user();
    $custom_calendar_name = "$current_user->display_name\'s - Calendar";

    $parent_term = term_exists( $custom_calendar_name, 'booked_custom_calendars' ); // returns an array if the taxonomy exists
    $parent_term_id = $parent_term['term_id']; // get the numerical value of the term

    $insert_data = wp_insert_term(
    $custom_calendar_name, // new term
    'booked_custom_calendars', // taxonomy
    array(
    'description' => $current_user->ID,
    'slug' => '',
    'parent' => $parent_term_id
    )
    );
    //Add new meta field and fill with user ID |
    // add_term_meta($term_id, 'term_author_id', $current_user->ID, true);

    if( ! is_wp_error($insert_data) )
    $term_id = $insert_data['term_id'];
  // A callback function to add a custom field to our "presenters" taxonomy

    // Check for existing taxonomy meta for the term you're editing
      $t_id = $term_id; // Get the ID of the term you're editing
      $term_meta = get_option( "taxonomy_term_$t_id" ); // Do the check
  ?>

    <tr class="form-field">
      <td>
          <input type="text" name="term_meta[notifications_user_id]" id="term_meta[notifications_user_id]" size="25" style="width:60%;" value="<?php echo $current_user->data->user_email;?>"><br />
      </td>
  </tr>
    <?php
          //$t_id = $term_id;
          //$term_meta = get_option( "taxonomy_term_$t_id" );
          $cat_keys = array_keys( $_POST['term_meta'] );
              foreach ( $cat_keys as $key ){
                  $term_meta[$key] = $_POST['term_meta'][$key];

          //save the option array
          update_option( "taxonomy_term_$t_id", $term_meta );
              }
    echo '<script>window.location.replace("'.get_admin_url().'?page=booked-appointments");</script>';

    }

  function showCustomCalendarButton(){
 ?>
    <form method="post"> <input type="submit" name="button1"  id="btn-1" value="Generate Calendar"/></form>
 <?php if(isset($_POST['button1'])) { createMyCustomCalendar(); }
 }
 add_shortcode('create-custom-calendar','showCustomCalendarButton'); ?>
 <?php
```
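One way to store the e-mail against the new term, added here as an example (not the poster's code): it uses the WordPress term meta API (`add_term_meta()`, available since WordPress 4.4) rather than the `taxonomy_term_<id>` option array in the question, takes the address from the logged-in user instead of a posted form field, and protects the button with a nonce. The function names and the `create_custom_calendar` nonce action are hypothetical; the taxonomy and meta key are the ones named in the question.

```php
<?php
// Added example, not the poster's code. Assumes the 'booked_custom_calendars'
// taxonomy from the question is registered; function names and the
// 'create_custom_calendar' nonce action are hypothetical.
function my_create_custom_calendar() {
    $user = wp_get_current_user();
    if ( ! $user->exists() ) {
        return new WP_Error( 'not_logged_in', 'Log in to generate a calendar.' );
    }

    $name   = $user->display_name . "'s - Calendar";
    $result = wp_insert_term( $name, 'booked_custom_calendars' );
    if ( is_wp_error( $result ) ) {
        return $result; // for example, the term already exists
    }

    // Take the e-mail from the session user, never from a posted field, so a
    // user cannot attach a calendar to someone else's address.
    add_term_meta( $result['term_id'], 'notifications_user_id', $user->user_email, true );
    return $result['term_id'];
}

function my_custom_calendar_shortcode() {
    $message = '';
    // Only act on a submission that carries a valid nonce for this action.
    if ( isset( $_POST['button1'], $_POST['_wpnonce'] )
        && wp_verify_nonce( sanitize_key( wp_unslash( $_POST['_wpnonce'] ) ), 'create_custom_calendar' ) ) {
        $created = my_create_custom_calendar();
        $message = is_wp_error( $created )
            ? esc_html( $created->get_error_message() )
            : 'Calendar created.';
    }

    // Shortcode callbacks return their markup instead of echoing it.
    return '<form method="post">'
        . wp_nonce_field( 'create_custom_calendar', '_wpnonce', true, false )
        . '<input type="submit" name="button1" id="btn-1" value="Generate Calendar"/></form>'
        . '<p>' . $message . '</p>';
}
add_shortcode( 'create-custom-calendar', 'my_custom_calendar_shortcode' );

// Fetch the calendars whose stored e-mail matches the current user.
function my_get_user_calendars() {
    return get_terms( array(
        'taxonomy'   => 'booked_custom_calendars',
        'hide_empty' => false,
        'meta_key'   => 'notifications_user_id',
        'meta_value' => wp_get_current_user()->user_email,
    ) );
}
```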

WooCommerce – New Product Backend Template for Vendors/Employees

I will be running an online store where employees will need to add new variable products to the store regularly. The variable products would all have the exact same variations and pricing values so I am looking to make this process a little easier on my employees.

Is there any way to have a preset template with variations and prices already entered on the backend when employees go to add a new product?

Woocommerce custom script ajax post form data fails to be captured in backend

I am using woocommerce and I wanna customize admin page’s coupon section.

So I use the following code snippet such that I can write my own codes in my_script.js.

```
add_action('admin_enqueue_scripts', 'add_custom_js_file_to_admin');
function add_custom_js_file_to_admin($hook) {
    $screen = get_current_screen();
    if ( 'shop_coupon' === $screen->id ) {
        wp_enqueue_script('my_script', plugin_dir_url(__FILE__) . 'js/my_script.js');
    }
}
```

I am successful to create a new custom field: Taxonomy as shown in the pic below. And ajax post request’s header indicates that the data should be sent correctly (the red box in the pic). I am

However, my backend code snippet below fails to retrieve the data from the post request (e.g. $tax below is null):

```
add_action('woocommerce_coupon_options_save', 'save_coupon_text_field', 10, 2);
function save_coupon_text_field($post_id, $coupon)
    {
      $tax = $_POST['wc_sc_taxonomy_restrictions[0][tax]'];
      $coupon->update_meta_data('taxonomy_tax', $_POST['wc_sc_taxonomy_restrictions[0][tax]']);
      $coupon->update_meta_data('taxonomy_op', $_POST['wc_sc_taxonomy_restrictions[0][op]']);
      $coupon->save();
    }
```

I got 2 questions:

(1) Can someone kindly share any idea on what’s wrong with my codes above?

(2) In the custom script my_script.js, I wanna call an api which serves to retrieve data from my database; the data will then be used as the options available for the taxonomy’s drop-down select box. Can anyone tell me how I can do so in my_script.js? Normally in my BE php file, I wrote sth like below, yet I don’t know how I can perform sth similar in my custom script:

```
global $wpdb;
$result = $wpdb->get_results('some sql here');
```
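On the first question in the post above, an added example (not the poster's code): PHP parses a field named `wc_sc_taxonomy_restrictions[0][tax]` into a nested array, so the value is at `$_POST['wc_sc_taxonomy_restrictions'][0]['tax']` and the literal bracketed key is never set. The handler name is hypothetical, and the allow-list assumes `tax` holds a registered taxonomy name and `op` one of a small fixed set (the two operator values are placeholders).

```php
<?php
// Added example, not the poster's code. The hook and meta keys come from the
// question; the function name and the operator allow-list are assumptions.
add_action( 'woocommerce_coupon_options_save', 'my_save_coupon_taxonomy_restriction', 10, 2 );

function my_save_coupon_taxonomy_restriction( $post_id, $coupon ) {
    // The bracketed field name arrives as a nested array; the flat key
    // 'wc_sc_taxonomy_restrictions[0][tax]' does not exist in $_POST.
    if ( ! isset( $_POST['wc_sc_taxonomy_restrictions'][0] )
        || ! is_array( $_POST['wc_sc_taxonomy_restrictions'][0] ) ) {
        return;
    }
    $row = wp_unslash( $_POST['wc_sc_taxonomy_restrictions'][0] );

    // Accept plain strings only, then normalise them.
    $tax = ( isset( $row['tax'] ) && is_string( $row['tax'] ) ) ? sanitize_key( $row['tax'] ) : '';
    $op  = ( isset( $row['op'] ) && is_string( $row['op'] ) ) ? sanitize_key( $row['op'] ) : '';

    // Store only values from a known set rather than whatever was posted.
    $allowed_ops = array( 'in', 'not_in' ); // placeholder values
    if ( ! taxonomy_exists( $tax ) || ! in_array( $op, $allowed_ops, true ) ) {
        return;
    }

    $coupon->update_meta_data( 'taxonomy_tax', $tax );
    $coupon->update_meta_data( 'taxonomy_op', $op );
    $coupon->save();
}
```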

Backend on server keeps getting corrupt

I built an access database. It was originally meant to be for 6 people but I see that it’s up to about 20, so that could be the problem. Anyway, the backend gets corrupted a couple of times a day. It is usually possible to resolve this by opening the backend at which point it offers to fix it and usually does so.

The database is not particularly complicated (I don’t think) but it does have some VBA.

The basic idea of the database is that we are tracking lots that need to move through a set of processes but that get broken up. So we might receive 1000 items, and then have 300 of them go to prescreening, and later another 100, and so on through all the about 8 steps.

The way I’ve done this (which I’d be happy to change – I just don’t know what to change) is to have a small submission table, which tracks the lots as they come in, and a larger table (called preorder for reasons which don’t matter) which tracks the line items.

The preorder table has quite a large number of fields (about 75). But of importance to this is the quantity field and the status field. The status field tracks the items through the process (so from step 1=Receiving to 8=Shipping or whatever). The quantity tracks how many of this particular item there are from this batch with the other properties at this status.

Then there are forms for each of these steps with very similar VBA behind them. One of the fields will be basically "quantity to move to the next step" (this is one of the fields in the preorder table that is initially defaulted to 0). The user fills in this quantity (and some additional information potentially) and presses a button to process the step.

The VBA:

  1. opens a recordset (rs) for the preorder table where the status is 1 (say) and the quantity to go to the next step is >0.
  2. It also opens an appendonly recordset of the preorder table (rs2).
  3. Then it goes through the records in rs, adjusts the quantity down, and appends a new copy of the record with the new quantity and an updated status.

The below is an example from one of the screens. Others are similar, although there are some nuances baked in that may or may not be important.

```
Private Sub btnProcess_Click()
    DoCmd.Hourglass True
    Dim db As Database
    Dim rs As DAO.Recordset
    Dim rs2 As DAO.Recordset
    Set db = CurrentDb
    Set rs = db.OpenRecordset("SELECT * FROM tblPreorder " & _
                            "WHERE (((tblPreorder.StatusID)=1) AND ((tblPreorder.PSQuantity)>0));", dbOpenDynaset, dbFailOnError)
    If rs.EOF Then
        MsgBox "No records found for processing"
        rs.Close
        DoCmd.Hourglass False
        Exit Sub
    End If
    Set rs2 = db.OpenRecordset("tblPreorder", dbOpenDynaset, dbAppendOnly)
    rs.MoveFirst
    Do Until rs.EOF
        myQuantity = rs("Quantity").Value
        PSQuantity = rs("PSQuantity").Value
        rs2.AddNew
        For Each fld In rs.Fields
            SFld = fld.Name 'to catch special fields
            Select Case SFld
                'special cases
                Case "ID":  'do nothing
                Case "Quantity":
                    rs.Edit
                    rs(SFld).Value = myQuantity - PSQuantity
                    rs.Update
                    rs2(SFld).Value = PSQuantity
                Case "Comment":
                    If Len(Trim(rs("PSComment")) > 0) Then
                        rs2(SFld).Value = Trim(rs("Comment")) & vbCrLf & Trim(rs("PSComment"))
                    Else
                        rs2(SFld).Value = rs(SFld)
                    End If
                Case "StatusID":
                    rs2(SFld).Value = 2 'Changes the status from 1 to 2
                Case "DateChanged":
                    rs2(SFld).Value = Now()
                Case "EmployeeID":
                    rs2(SFld).Value = UserID()
                Case "Location":
                    If rs("PSLocation") <> "" Then
                        rs2(SFld).Value = rs("PSLocation")
                    End If
                Case "PSDate":
                    rs2(SFld).Value = Now()
                Case "PSEmployeeID":
                    rs2(SFld).Value = UserID()
                Case "PSQuantity":
                    rs.Edit
                    rs(SFld) = 0
                    rs.Update
                    rs2(SFld) = 0
                Case "ReleasedFiles": 'do nothing
                Case Else:
                    rs2(SFld).Value = fld.Value
            End Select
        Next fld
        rs2.Update
        rs.MoveNext
    Loop
    rs.Close
    rs2.Close
    c = Me.CurrentRecord
    Me.Requery
On Error Resume Next:
    DoCmd.GoToRecord acDataForm, Me.Name, acGoTo, c
    MsgBox "Items moved to BNC Request"
    DoCmd.Hourglass False
End Sub
```

My questions:

  1. If you see anything obviously wrong, of course, let me know. It works like a charm when it’s just me testing it. I’ve never managed to replicate the issue, but I can see that it’s happening in the production version.
  2. I’ve followed the advice on a couple of websites on avoiding this (e.g. https://www.techrepublic.com/article/get-it-done-top-10-ways-to-prevent-access-database-corruption/). I’m basically tinkering and trying things because I don’t fundamentally know what the issue is. E.g. I switched from recordset to DAO.recordset in the above code. It didn’t seem to make a difference, so I might go back. Everyone is using Access 2010 and the backend is Access 2010 so it seemed to make sense to use an Access specific recordset. I close all the recordsets (rs.close); I compile the VBA; I have saved the frontend as an accde; All users use the accde from their own computers; All users are using wired connections; I have version control so everyone is using the latest frontend.
  3. The main question, I suppose: How can I diagnose this? I could easily imagine putting a new table in to track who’s hitting the process button and when and which one. I’m probably going to do that to see what happens in the lead up to a corruption. But what are your recommendations for what to track and are there any other tricks and tips to get to the root of this?

Code specific questions:

  1. Recordset or DAO.Recordset or some other thing?
  2. dbFailOnError or dbSeeChanges or some other thing?
  3. rs.Edit … rs.Update on the couple of fields that get updated as I loop (current code)? Or one rs.Edit … rs.Update on either side of the loop?
  4. Should I be putting a manual hold or something to prevent people from running similar code simultaneously? It offends me a little to do so, since I kind of imagine that the people who make MS Access will do a better job than me at that sort of thing. But I could probably set a flag somewhere that literally makes people wait their turn. I’d still be worried about a race condition.

Wider database questions:

  1. Are there other secret settings that need to be adjusted to minimize this issue? Everyone is using MS Access 2010. Name AutoCorrect Options, Filter lookup options, caching, data type support options. I don’t really know what these do and I suspect there are gotchas everywhere! I had a similar database that I used for years without issue, so I was lulled into a false sense of security here.
  2. Have I structured this completely wrong? I’m okay to do a whole bunch of work – it would just be nice to have a good sense that it would solve the problem!

Thanks!

CSRF token not sent when calling the back-end?

My system is composed of a NuxtJs and an AdonisJs application. Adonis handles csrf tokens for us by sending:

```
set-cookie: adonis-session=XXX; Path=/; HttpOnly
set-cookie: XSRF-TOKEN=XXX; Max-Age=7200; Path=/; SameSite=Strict
set-cookie: adonis-session-values=XXX; Path=/; HttpOnly
```

Now from what I can see, it will set a cookie that can be sent only by a browser. And only if the host is the same. From my understanding, from that point on, the browser is the one who will auto attach cookies like that to each request. The problem is, when the Nuxt application is making an API request to the back-end I do not see any csrf token being sent when looking at the traffic through BurpSuite.

And naturally adonis will reply with "Invalid CSRF Token", and respond with status code 500.

I’m not sure what I am missing, I fail to understand why the browser is not sending that cookie. And just as extra information, I’ve failed to find it through the browser’s inspector window (Storage tab). Is it possible that the cookie is not set or?

I’ve seen other posts regarding this issue, but they were not helpful because the solution was composed of reading a cookie and manually sending it as the header. Which I do not advise, and is not the model I’m going to implement. I would rather leave it to the back-end framework and browser to do the job for me, because as we all know, there would be less room for me to make a mistake.

Thank you for reading this.

Getting and setting CSS variables with JQuery in WordPress backend fails

On a WordPress settings page of a plugin I develop, I have to implement a visual element that I want to change by JavaScript. I’ve got my solution working as it should and tested it on code-pen and JSFiddle. But when loading the equivalent code including the script, it will not work.

Here is the schema I’m using:

HTML

```
<div id="origin" class="box"></div>
<div id="target" class="box"></div>
<button id="toggle-color">Toggle Color</button>
```

CSS

```
:root {
  --origin-color: red;
  --target-color: blue;
}

.box{
  width: 150px;
  height: 150px;
}

#origin{
  background-color: var(--origin-color);
}

#target{
  background-color: var(--target-color);
}
```

JS (jQuery 3.4.1)

```
(function( $ ) {
    'use strict';
    $(document).ready(function(){
      $('#toggle-color').on('click', function(event){
        event.preventDefault();
        var root = $(":root");
        var origin_color = '--origin-color';
        var target_color = '--target-color';
        var origin_value = root.css(origin_color);
        var target_value = root.css(target_color);
        root.css(origin_color, target_value);
        root.css(target_color, origin_value);
        return false;
      });
  });
})( jQuery );
```

The Problem I have is, that while it is working in test environments in the WordPress backend, the lines where I fetch the colors with

```
var origin_value = root.css(origin_color);
var target_value = root.css(target_color);
```

returns ‘undefined’, so the next line where I switch the colors fails.

See my example here: https://jsfiddle.net/tomybyte/hvbc3zu1/6/

I don’t understand why it is working in JSFiddle and code-pen but not when loading in WordPress (yes the code is loaded, I checked that!)

Why do CDNs allow arbitrary backend to be set, is it not a big security concern?

I found most CDNs allow the user to claim any domain to be the backend, I wonder why they do this instead of verifying if the user owns the backend domain. If I have myowndomain.com and set the backend to be facebook.com, wouldn’t it be an easier way to do attacks such as phishing? Of course, I still need to solve CORS, SOP, and Cookie related issues, but why do CDNs open the backend in the first place?